Oh, it's a bit frustrating, we just can't afford upgrading to NG straightaway, I suppose meshed structure is a way forward... Guys, can you confirm that 4.1 can't work as hub-n-spoke (I need to inform boss).
Lots of thanks,
Alexander

-----Original Message-----
From: Gareth Bromley [mailto:[EMAIL PROTECTED]
Sent: 15 December 2003 15:28
To: Oleshev, Alexander
Subject: Re: [FW-1] Cisco-Checkpoint-Cisco

On Mon, 15 Dec 2003, Oleshev, Alexander wrote:

> I was wondering if you can help me. Basically we have a Checkpoint FW-1 4.1
> (Nokia IP330) and 2 locations connected to it through site-to-site VPN (both
> locations have Cisco devices - router and firewall). I tried to set up a
> secure connection between them and failed.
> "Encryption failure. Neither source nor destination are in my domain scheme
> : FWZ" is in log and packets are dropped. When they connect directly to us
> (just main office and one of the branches) everything is fine. So, generally
> speaking we have "hub and spoke" configuration. I was wondering what I need
> to configure on Checkpoint in order to allow such communications through it.
> Quick picture:
> CiscoRouter---vpn---Checkpoint---vpn---CiscoPIX
> Router to FW-1 and back works fine
> PIX to FW-1 and back works fine
> Router to PIX or back doesn't work.

OK if I'm reading this right, you want traffic from router network to go to the PIX network via VPN where:

Router goes to Checkpoint
Checkpoint goes to PIX

OK this isn't possible with 4.1 of the firewall code as it doesn't support spoke to spoke routing via the hub (Checkpoint NG does).
Ways to fix this are:

- Upgrade to NG, and be supported again
- Create a VPN from the Router to the PIX so you have a fully meshed VPN

HTH

Gareth
